<?php
//add_comment
function comment_add() {
	global $conf;

	if(!perms_check('comments', 'write')) {
		plugins('std/unauth/');
		redirect('index.php?module=error&error=auth_error');
		exit;
	}

	SQLvalidate($_POST['mail'], 'varchar');
	SQLvalidate($_POST['who'], 'varchar');
	SQLvalidate($_POST['title'], 'varchar');
	SQLvalidate($_POST['text'], 'text');
	SQLvalidate($_POST['what'], 'varchar', 60);
	SQLvalidate($_POST['whatid'], 'int', 10);

	if($_SESSION['id']) {
		$_POST['who']=$_SESSION['id'];
		$_POST['mail']='';
	}
	elseif($_POST['who'])
		$_POST['who']='~'.$_POST['who'];

	if(!in_array($_POST['what'], $conf['comments_tables'])) {
		redirect('index.php');
		exit;
	}
	
	if($_POST['mail']) {
		if(verify_mail($_POST['mail']) == false) {
			redirect($_SESSION['redirect_1'].'&error=comments_error2#cmts');
			exit;
		}
	}

	if(perms_check('comments', 'add_wm') or !$conf['comments_moderate']) {
		$visible=1;
		$redirect=$_SESSION['redirect_1'].'#cmts';
	}
	else {
		$visible=0;
		$redirect='index.php?module=info&info=comment_info1';
	}
	if($_POST['text'] && $_POST['who'] && checkCode($_POST['code'])) {
		$db = new dbquery;

		$_POST['text']=post_text_comments($_POST['text']);
		$_POST['title']=post_text_comments($_POST['title']);
		$_POST['who']=post_text_comments($_POST['who']);
		$_POST['mail']=post_text_comments($_POST['mail']);

		$date=date('Y-m-d H:i:s');

		//delete tpl_cache
		update_tpl_cache($_POST['what'], $_POST['whatid']);

		//add comment
		$db->query("INSERT INTO $conf[prefix]comments (`id` , `who` , `title` , `text` , `mail` , `date` , `ip` , `lang` , `what` , `whatid` , `visible`) VALUES (NULL, '$_POST[who]', '$_POST[title]', '$_POST[text]', '$_POST[mail]', '$date', '$_SERVER[REMOTE_ADDR]', '$_SESSION[lang_short]', '$_POST[what]', '$_POST[whatid]', '$visible')") or $db->err(__FILE__, __LINE__);
		if($visible) {
			$db->query("UPDATE $conf[prefix]$_POST[what] SET `comments_$_SESSION[lang_short]`=comments_$_SESSION[lang_short]+1 WHERE id=$_POST[whatid]") or $db->err(__FILE__, __LINE__);
			if($_SESSION['id'])
				add_user_points($_SESSION['id'], $conf['comments_user_points']);
		}
		//

		//add log
		
		//

		redirect($redirect);
		exit;
	}
	else {
		redirect($_SESSION['redirect_1'].'&error=comments_error1#cmts');
		exit;
	}
}
//

//comment_edit
function comment_edit() {
	global $conf, $lang;

	SQLvalidate($_POST['mail'], 'varchar');
	SQLvalidate($_POST['who'], 'varchar');
	SQLvalidate($_POST['title'], 'varchar');
	SQLvalidate($_POST['text'], 'text');
	SQLvalidate($_POST['id'], 'int', 10);

	$db = new dbquery;

	$db->query("SELECT * FROM $conf[prefix]comments WHERE id=$_POST[id]") or $db->err(__FILE__, __LINE__);
	$u = $db->fetch_object();

	if(!perms_check('comments', 'edit') && $_SESSION['id']!=$u->who) {
		plugins('std/unauth/');
		redirect('index.php?module=error&error=auth_error');
		exit;
	}

	if($db->num_rows()==0) {
		redirect($_SESSION['redirect_1']);
		exit;
	}

	$_POST['text']=post_text_comments($_POST['text']);
	$_POST['title']=post_text_comments($_POST['title']);
	$_POST['who']=post_text_comments($_POST['who']);
	$_POST['mail']=post_text_comments($_POST['mail']);

	$sql='';
	if($_POST['who']) {
		$_POST['who']='~'.post_text_comments($_POST['who']);
		$sql.=", who='".$_POST['who']."'";
	}

	if($_POST['mail'])
		$sql.=", mail='".$_POST['mail']."'";

	$db->query("UPDATE $conf[prefix]comments SET title='$_POST[title]', text='$_POST[text]', date='$_POST[date]'$sql WHERE id='$_POST[id]'") or $db->err(__FILE__, __LINE__);

	update_tpl_cache($u->what, $u->whatid);

	//add log
	
	//

	if($_POST['url'])
		redirect($_POST['url']);
	else
		redirect($_SESSION['redirect_2']);
	exit;
}
//

//deleting comment
function comment_delete($id_=false, $redirect=true, $perms=true) { 
	global $conf;

	if(!perms_check('comments', 'del') && $perms) {
		redirect('index.php?module=error&error=auth_error');
		exit;
	} 

	if(!$id_)
		$id_=$_GET['id'];

	SQLvalidate($id_, 'int', 10);

	$db = new dbquery;
	$db->query("SELECT * FROM $conf[prefix]comments WHERE id=$id_") or $db->err(__FILE__, __LINE__);
	$d = $db->fetch_object();


	if($db->num_rows()>0) {
		if($d->visible) $db->query("UPDATE $conf[prefix]$d->what SET `comments_$_SESSION[lang_short]`=comments_$_SESSION[lang_short]-1 WHERE id='$d->whatid'") or $db->err(__FILE__, __LINE__);
		$db->query("DELETE FROM $conf[prefix]comments WHERE id=$id_") or $db->err(__FILE__, __LINE__);
		update_tpl_cache($d->what, $d->whatid);
		if(is_numeric($u->who))
			delete_user_points($u->who, $conf['comments_user_points']);
		
		//add log
		
		//
	}

	if($redirect) {
		redirect($_SESSION['redirect_2']);
		exit;
	}
}
//

function comments_multi_delete(){
	if(!perms_check('comments', 'del')) {
		redirect('index.php?module=error&error=auh_error');
		exit;
	}

	foreach($_POST['ids'] as $id_) {
		comment_delete($id_, false);
	}

	redirect($_SESSION['redirect_2']);
	exit; 
}

function comments_multi_add(){
	global $conf;

	if(!perms_check('comments', 'edit')) {
		redirect('index.php?module=error&error=auh_error');
		exit;
	}

	$db = new dbquery;

	foreach($_POST['ids'] as $id_) {
		SQLvalidate($id_, 'int', 10);
		$db->query("SELECT * FROM $conf[prefix]comments WHERE id=$id_") or $db->err(__FILE__, __LINE__);
		$d = $db->fetch_object();
		if($d->visible==0) {
			$db->query("UPDATE $conf[prefix]$d->what SET comments_".$d->lang."=comments_".$d->lang."+1 WHERE id='$d->whatid'") or $db->err(__FILE__, __LINE__);
			$db->query("UPDATE $conf[prefix]comments SET visible=1 WHERE id='$d->id'") or $db->err(__FILE__, __LINE__);
			update_tpl_cache($d->what, $d->whatid);
			if(is_numeric($d->who))
				add_user_points($d->who, $conf['comments_user_points']);
		}
	}

	if($_POST['url'])
		redirect($_POST['url']);
	else
		redirect('index.php?module=admin&action=comments&cmd=moderate');
	exit; 
}
?>
